Role assignment criteria help - new accounts

Hello,

I want to create new Salesforce accounts for new hires joining our company via Sailpoint roles.

The use case is that I only want to create a base Salesforce account with a minimum access profile via Sailpoint. This base account will be created for certain departments only. Then the Salesforce team will run their RBAC automation script, replacing the minimum access profile provided. Salesforce only allows one access profile per user at a time. Hence the replacement.

The identity should be removed from the role once the base Salesforce account gets created, as we do not want Sailpoint to re-add the minimum access profile again.

How can this be achieved via role assignment criteria? Thank you.

Hi @salam1,

In your account schemas of your salesforce source, you can change the attribute type of role/entitlement from mutli valued to non multi value (by setting multivalued to false).

With that any updated on this attribute will use set operation rather than add operation.

i found a solution to this by adding a first valid transform to see if the account exists in salesforce. thank you.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.